--- a/handouts/ho02.tex Tue Sep 30 02:22:16 2014 +0100
+++ b/handouts/ho02.tex Tue Sep 30 11:34:21 2014 +0100
@@ -109,19 +109,19 @@
-\subsubsection*{Questions}
+%\subsubsection*{Questions}
-Coming back to the question of why I use online banking, but
-prefer not to e-vote.
+%Coming back to the question of why I use online banking, but
+%prefer not to e-vote.
-Why do I use e-polling in lectures?
+%Why do I use e-polling in lectures?
-Imagine you have a perfectly secure internet voting system, by
-which I mean nobody can tamper with or steal votes between
-your browser and the central server responsible for vote
-tallying. What can still go wrong with such a perfectly secure
-voting system, which is prevented in traditional elections
-with paper-based ballots?
+%Imagine you have a perfectly secure internet voting system, by
+%which I mean nobody can tamper with or steal votes between
+%your browser and the central server responsible for vote
+%tallying. What can still go wrong with such a perfectly secure
+%voting system, which is prevented in traditional elections
+%with paper-based ballots?
\end{document}
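Review bot: The Questions block is kept as dead text by prefixing every line with `%`, which makes it easy for a later edit to miss one line and leak half a sentence into the handout. A single switch needs no package and is reversible by deleting two lines: `\iffalse` placed before `%\subsubsection*{Questions}` and `\fi` placed before `\end{document}`, with the per-line `%` removed. If the block is meant to be gone for good, deleting it outright is cleaner still, since the history keeps it.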
Binary file slides/slides02.pdf has changed
--- a/slides/slides02.tex Tue Sep 30 02:22:16 2014 +0100
+++ b/slides/slides02.tex Tue Sep 30 11:34:21 2014 +0100
@@ -131,7 +131,6 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Today's Lecture}
@@ -145,11 +144,9 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Voting as Security Problem\end{tabular}}
+\frametitle{Voting as Security Problem}
What are the security requirements of a voting system?\bigskip
@@ -228,13 +225,12 @@
\end{bubble}
\end{textblock}}
-\end{frame}}
+\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}Problems with Voting\end{tabular}}
-
+\frametitle{Problems with Voting}
\begin{center}\large
\begin{tabular}{rcl}
@@ -387,12 +383,9 @@
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
\begin{frame}[t]
-\frametitle{\begin{tabular}{@ {}c@ {}}A Brief History of Voting\end{tabular}}
-
+\frametitle{A Brief History of Voting}
\begin{itemize}
\item Athenians
@@ -409,7 +402,7 @@
\item French Revolution and the US Constitution got things ``started'' with
paper ballots (you first had to bring your own; later they were pre-printed by parties)
\end{itemize}
-\end{frame}}
+\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -531,7 +524,7 @@
\only<2>{
\begin{textblock}{5.5}(0.5,14.5)
-all are computers
+\small all are ``computers''
\end{textblock}}
\end{frame}}
@@ -586,7 +579,7 @@
A non-obvious problem:
\begin{itemize}
-\item you can nowadays get old machines, which still store old polls
+\item you can nowadays get old machines, which still store old polls\medskip
\item the paper ballot box needed to be secured during the voting until counting;
e-voting machines need to be secured during the entire life-time
@@ -644,8 +637,8 @@
\item have a simple design in order to minimise the attack surface
\end{itemize}\pause
-But overall in times of NSA/state sponsered cyber-crime, e-voting is too
-hard with current technology.
+But overall, in times of NSA/state sponsored cyber-crime, e-voting is
+too hard with current technology.
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
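Review bot: The reworded sentence on the new side still reads `state sponsored cyber-crime`, where the compound modifier used before a noun wants a hyphen: `But overall, in times of NSA/state-sponsored cyber-crime, e-voting is`. The spelling correction is otherwise right. The frame these lines close begins before the hunk.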
@@ -655,7 +648,7 @@
\frametitle{\Large Online Banking vs.~E-Voting}
\begin{itemize}
-\item online banking: if fraud occurred you try to identify who did
+\item online banking: if fraud occurs you try to identify who did
what (somebody's account got zero)\bigskip
\item e-voting: some parts can be done electronically, but not the
actual voting
@@ -673,13 +666,12 @@
\end{center}
\begin{itemize}
-\item guaranties anonymity
+\item can guarantee anonymity
\item integrity by electronic means\bigskip
\item how to achieve the same in ``software''?
\end{itemize}
-
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -752,30 +744,28 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
\begin{frame}[c]
\frametitle{Unix-Style Access Control}
-How to do access control? In Unix you have
+How to do control access? In Unix you have
\begin{itemize}
-\item you have users and you have groups/roles:
-
+\item users and you have groups/roles:
\item some special roles: root
\end{itemize}
-
-\end{frame}}
+\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
\begin{frame}[c]
\frametitle{Unix-Style Access Control}
+\small
\begin{itemize}
-\item Q: ``I am using Windows. Why should I care?'' \\ A: In Windows you have similar AC:
+\item
+Q: ``I am using Windows. Why should I care?'' \\
+A: In Windows you have similar AC:
\begin{center}
\begin{tabular}{l}
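Review bot: The rewording on the new side, `How to do control access? In Unix you have`, is ungrammatical and reads worse than the text it replaces; `How to control access? In Unix you have` keeps the intent. The next item, `\item users and you have groups/roles:`, has the same problem after its leading words were dropped, and `\item users and groups/roles:` reads cleanly. The first frame in this hunk starts and ends inside it; the second frame's itemize continues past the hunk.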
@@ -784,23 +774,22 @@
authenticated users\\
server operators\\
power users\\
-network configuration operators\\
+network configuration operators
\end{tabular}
\end{center}\medskip
-\item Modern versions of Windows have more fine-grained AC than Unix; they do not have a setuid bit, but
-have \texttt{runas} (asks for a password).\pause
+\item Modern versions of Windows have more fine-grained AC than Unix;
+ they do not have a setuid bit, but have \texttt{runas} (asks for a
+ password).\pause
-\item OS-provided access control can \alert{\bf add} to your
-security.
+\item OS-provided access control can \alert{\bf add} to your security.
+ (defence in depth)
\end{itemize}
-
-\end{frame}}
+\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm] Privilege Separation\end{tabular}}
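Review bot: The new line `\item OS-provided access control can \alert{\bf add} to your security.` keeps the plain-TeX `\bf` switch inside `\alert`; `\alert{\textbf{add}}` is the LaTeX2e form and, unlike `\bf`, does not cancel an italic shape that may be in effect. The parenthetical added on the following line lands after the full stop, so it renders as a detached fragment; `\item OS-provided access control can \alert{\textbf{add}} to your security (defence in depth).` reads as one sentence. The itemize these lines belong to begins before the hunk.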
@@ -826,39 +815,36 @@
\end{center}
\begin{itemize}
-\item the idea is make the attack surface smaller and
-mitigate the consequences of an attack
+\item the idea is make the attack surface smaller and mitigate the
+ consequences of an attack
\end{itemize}
-
-\end{frame}}
+\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
\begin{frame}[c]
-\frametitle{Lessons from Access Control}
+\frametitle{Weaknesses of Unix AC}
Not just restricted to Unix:
\begin{itemize}
-\item if you have too many roles (i.e.~too finegrained AC), then
- hierarchy is too complex\\
- \textcolor{gray}{you invite situations like\ldots let's be root}\bigskip
+\item if you have too many roles (i.e.~too finegrained AC), then
+ hierarchy is too complex\\ \textcolor{gray}{you invite situations
+ like\ldots let's be root}\bigskip
\item you can still abuse the system\ldots
-
\end{itemize}
-\end{frame}}
+\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
+\frametitle{A ``Cron''-Attack}
-The idea is to trick a privileged person to do something on your behalf:
+The idea is to trick a privileged person to do something on your
+behalf:
\begin{itemize}
\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause
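Review bot: The re-wrapped item on the new side still reads `the idea is make the attack surface smaller`, which is missing a word; `\item the idea is to make the attack surface smaller and mitigate the` fixes it. The same hunk carries `too finegrained AC` forward on a new line, where `too fine-grained AC` is the usual spelling. The frame retitled `Weaknesses of Unix AC` opens with `Not just restricted to Unix:`, which now reads as contradicting its own title, so either the title or the lead-in may want adjusting to say which is meant. The frame containing the first item begins before the hunk.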
@@ -872,14 +858,12 @@
\end{minipage}
\end{itemize}
-
-\end{frame}}
+\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-\mode<presentation>{
\begin{frame}[c]
-\frametitle{\begin{tabular}{@ {}c@ {}}A ``Cron''-Attack\end{tabular}}
+\frametitle{A ``Cron''-Attack}
\begin{enumerate}
\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
@@ -897,19 +881,36 @@
\only<2>{
\begin{textblock}{11}(2,5)
-\begin{tikzpicture}
-\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
-{\normalsize\color{darkgray}
-\begin{minipage}{9cm}\raggedright
-To prevent this kind of attack, you need additional
+\begin{bubble}[8cm]
+\normalsize To prevent this kind of attack, you need additional
policies (don't do such operations as root).
-\end{minipage}};
-\end{tikzpicture}
+\end{bubble}
\end{textblock}}
-\end{frame}}
+\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{\Large Buffer Overflow Attacks}
+
+\begin{center}
+\begin{columns}[b]
+\begin{column}{.4\textwidth}
+\centering
+\includegraphics[scale=1.2]{pics/barrier.jpg}\\
+first lecture
+\end{column}
+\begin{column}<2>{.4\textwidth}
+\centering
+\includegraphics[scale=0.32]{pics/trainwreck.jpg}\\
+next week
+\end{column}
+\end{columns}
+\end{center}
+
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document}
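Review bot: The new Buffer Overflow frame sizes its two pictures with `scale=1.2` and `scale=0.32`, which ties the layout to the pixel dimensions of each file and will not track the `.4\textwidth` columns they sit in; `\includegraphics[width=\linewidth]{pics/barrier}` (and likewise for `pics/trainwreck`) sizes each picture to its column and lets graphicx choose the extension. The `center` environment wrapped around `columns` adds vertical space that the `[c]` frame and the per-column `\centering` already handle, so the outer wrapper can be dropped. The `bubble` replacement for the hand-drawn tikz node in the same hunk appears consistent with the `bubble` usage visible earlier in the file, though that environment's definition is outside this diff.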